---
title: "FreeBSD 4.7-RELEASE Errata"
sidenav: download
---

++++


        <h3 class="CORPAUTHOR">The FreeBSD Project</h3>

        <p class="COPYRIGHT">Copyright &copy; 2000, 2001, 2002,
        2003 by The FreeBSD Documentation Project</p>

        <p class="PUBDATE">$FreeBSD:
        src/release/doc/en_US.ISO8859-1/errata/article.sgml,v
        1.1.2.97 2003/03/20 20:03:52 bmah Exp $<br />
        </p>
        <hr />
      </div>

      <blockquote class="ABSTRACT">
        <div class="ABSTRACT">
          <a id="AEN12" name="AEN12"></a>

          <p>This document lists errata items for FreeBSD
          4.7-RELEASE, containing significant information
          discovered after the release. This information includes
          security advisories, as well as news relating to the
          software or documentation that could affect its operation
          or usability. An up-to-date version of this document
          should always be consulted before installing this version
          of FreeBSD.</p>

          <p>This errata document for FreeBSD 4.7-RELEASE will be
          maintained until the release of FreeBSD 4.8-RELEASE.</p>
        </div>
      </blockquote>

      <div class="SECT1">
        <hr />

        <h1 class="SECT1"><a id="AEN15" name="AEN15">1
        Introduction</a></h1>

        <p>This errata document contains ``late-breaking news''
        about FreeBSD 4.7-RELEASE. Before installing this version,
        it is important to consult this document to learn about any
        post-release discoveries or problems that may already have
        been found and fixed.</p>

        <p>Any version of this errata document actually distributed
        with the release (for example, on a CDROM distribution)
        will be out of date by definition, but other copies are
        kept updated on the Internet and should be consulted as the
        ``current errata'' for this release. These other copies of
        the errata are located at <a
        href="http://www.FreeBSD.org/releases/"
        target="_top">http://www.FreeBSD.org/releases/</a>, plus
        any sites which keep up-to-date mirrors of this
        location.</p>

        <p>Source and binary snapshots of FreeBSD 4-STABLE also
        contain up-to-date copies of this document (as of the time
        of the snapshot).</p>

        <p>For a list of all FreeBSD CERT security advisories, see
        <a href="http://www.FreeBSD.org/security/"
        target="_top">http://www.FreeBSD.org/security/</a> or <a
        href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"
        target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
      </div>

      <div class="SECT1">
        <hr />

        <h1 class="SECT1"><a id="AEN26" name="AEN26">2 Security
        Advisories</a></h1>

        <p>Buffer overflows in kadmind(8) and k5admin could
        potentially cause the administrative server to execute
        arbitrary code. Bugfix and workaround information can be
        found in security advisory <a
        href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:40.kadmind.asc"
         target="_top">FreeBSD-SA-02:40</a>.</p>

        <p>Errors in <a
        href="http://www.FreeBSD.org/cgi/man.cgi?query=smrsh&sektion=8&manpath=FreeBSD+4.7-stable">
        <span class="CITEREFENTRY"><span
        class="REFENTRYTITLE">smrsh</span>(8)</span></a>, which
        could allow users to circumvent restrictions on what
        programs can be executed, were fixed in FreeBSD
        4.7-RELEASE. Because the applicable security advisory (<a
        href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:41.smrsh.asc"
         target="_top">FreeBSD-SA-02:41</a>) was not issued after
        the release, this fact was not included in the release
        notes.</p>

        <p>Buffer overflows in the DNS <a
        href="http://www.FreeBSD.org/cgi/man.cgi?query=resolver&sektion=3&manpath=FreeBSD+4.7-stable">
        <span class="CITEREFENTRY"><span
        class="REFENTRYTITLE">resolver</span>(3)</span></a>, which
        could cause some applications to fail, have been corrected.
        This change was not mentioned in the release notes, as the
        applicable security advisory (<a
        href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:42.resolv.asc"
         target="_top">FreeBSD-SA-02:42</a>) was not issued until
        after the release.</p>

        <p>Several vulnerabilities exist in the version of <b
        class="APPLICATION">BIND</b> included with FreeBSD
        4.7-RELEASE. More information, including bugfixes and
        workaround suggestions, can be found in security advisory
        <a
        href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:43.bind.asc"
         target="_top">FreeBSD-SA-02:43</a>.</p>

        <p>A file descriptor leak in the <a
        href="http://www.FreeBSD.org/cgi/man.cgi?query=fpathconf&sektion=2&manpath=FreeBSD+4.7-stable">
        <span class="CITEREFENTRY"><span
        class="REFENTRYTITLE">fpathconf</span>(2)</span></a> system
        call, can allow a local user to crash the system or cause a
        privilege escalation. Bugfix information can be found in
        security advisory <a
        href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc"
         target="_top">FreeBSD-SA-02:44</a>.</p>

        <p>Remotely exploitable vulnerabilities in <b
        class="APPLICATION">CVS</b> could allow an attacker to
        execute arbitrary comands on a CVS server. More details can
        be found in security advisory <a
        href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc"
         target="_top">FreeBSD-SA-03:01</a>.</p>

        <p>A timing-based attack on <b
        class="APPLICATION">OpenSSL</b>, could allow a very
        powerful attacker access to plaintext under certain
        circumstances. This problem has been corrected in FreeBSD
        4.8-RC with an upgrade to <b
        class="APPLICATION">OpenSSL</b> 0.9.7. On supported
        security fix branches, this problem has been corrected with
        the import of <b class="APPLICATION">OpenSSL</b> 0.9.6i.
        See security advisory <a
        href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc"
         target="_top">FreeBSD-SA-03:02</a> for more details.</p>

        <p>It may be possible to recover the shared secret key used
        by the implementation of the ``syncookies'' feature. This
        reduces its effectiveness in dealing with TCP SYN flood
        denial-of-service attacks. Workaround information and fixes
        are given in security advisory <a
        href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc"
         target="_top">FreeBSD-SA-03:03</a>.</p>

        <p>Due to a buffer overflow in header parsing in <b
        class="APPLICATION">sendmail</b>, a remote attacker can
        create a specially-crafted message that may cause <a
        href="http://www.FreeBSD.org/cgi/man.cgi?query=sendmail&sektion=8&manpath=FreeBSD+4.7-stable">
        <span class="CITEREFENTRY"><span
        class="REFENTRYTITLE">sendmail</span>(8)</span></a> to
        execute arbitrary code with the privileges of the user
        running it, typically <tt class="USERNAME">root</tt>. More
        information, including pointers to patches, can be found in
        security advisory <a
        href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc"
         target="_top">FreeBSD-SA-03:04</a>.</p>

        <p>The XDR encoder/decoder does incorrect bounds-checking,
        which could allow a remote attacker to cause a
        denial-of-service. For bugfix information, see security
        advisory <a
        href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:05.xdr.asc"
         target="_top">FreeBSD-SA-03:05</a>.</p>
      </div>

      <div class="SECT1">
        <hr />

        <h1 class="SECT1"><a id="AEN68" name="AEN68">3
        Late-Breaking News</a></h1>

        <p>Due to concerns over the licensing terms for the <a
        href="http://www.FreeBSD.org/cgi/man.cgi?query=matcd&sektion=4&manpath=FreeBSD+4.7-stable">
        <span class="CITEREFENTRY"><span
        class="REFENTRYTITLE">matcd</span>(4)</span></a> driver
        uncovered late in FreeBSD 4.7-RELEASE's release cycle, the
        <a
        href="http://www.FreeBSD.org/cgi/man.cgi?query=matcd&sektion=4&manpath=FreeBSD+4.7-stable">
        <span class="CITEREFENTRY"><span
        class="REFENTRYTITLE">matcd</span>(4)</span></a> driver was
        removed. These issues are being addressed and this driver
        may reappear in a future release of FreeBSD.</p>

        <p>The <tt class="FILENAME">srelease</tt> distribution
        contains object files for <a
        href="http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.7-stable">
        <span class="CITEREFENTRY"><span
        class="REFENTRYTITLE">sysinstall</span>(8)</span></a> in
        the <tt class="FILENAME">release/sysinstall</tt> directory.
        These files were generated during the release building
        process but, for some reason, were not removed from the
        distribution files. They are harmless.</p>

        <p>The <a
        href="http://www.FreeBSD.org/cgi/url.cgi?ports/databases/rdfdb/pkg-descr">
        <tt class="FILENAME">databases/rdfdb</tt></a> and <a
        href="http://www.FreeBSD.org/cgi/url.cgi?ports/mail/ssmtp/pkg-descr">
        <tt class="FILENAME">mail/ssmtp</tt></a> packages included
        in the 4.7-RELEASE package set cannot be installed
        correctly. A workaround is to build and install these
        programs using the Ports Collection.</p>

        <p>The <a
        href="http://www.FreeBSD.org/cgi/url.cgi?ports/net/gnomeicu/pkg-descr">
        <tt class="FILENAME">net/gnomeicu</tt></a> package included
        in the 4.7-RELEASE package set may not run correctly, due
        to a missing dependency on the <a
        href="http://www.FreeBSD.org/cgi/url.cgi?ports/net/gnet/pkg-descr">
        <tt class="FILENAME">net/gnet</tt></a> package. To work
        around this problem, install <a
        href="http://www.FreeBSD.org/cgi/url.cgi?ports/net/gnet/pkg-descr">
        <tt class="FILENAME">net/gnet</tt></a> either from a
        package or the Ports Collection, preferably before
        installing <a
        href="http://www.FreeBSD.org/cgi/url.cgi?ports/net/gnomeicu/pkg-descr">
        <tt class="FILENAME">net/gnomeicu</tt></a>.</p>

        <p>The release notes for FreeBSD 4.7-RELEASE incorrectly
        stated that the <tt class="OPTION">-J</tt> option to <a
        href="http://www.FreeBSD.org/cgi/man.cgi?query=xargs&sektion=1&manpath=FreeBSD+4.7-stable">
        <span class="CITEREFENTRY"><span
        class="REFENTRYTITLE">xargs</span>(1)</span></a> is
        deprecated. In fact, there are no plans to remove this
        option.</p>

        <p><a
        href="http://www.FreeBSD.org/cgi/man.cgi?query=ftpd&sektion=8&manpath=FreeBSD+4.7-stable">
        <span class="CITEREFENTRY"><span
        class="REFENTRYTITLE">ftpd</span>(8)</span></a> has a bug
        in its virtual hosting function triggered if <tt
        class="FILENAME">/etc/ftphosts</tt> defines a virtual host
        whose IP address can resolve back to a hostname. In that
        case the daemon will be exiting on <tt
        class="LITERAL">SIGSEGV</tt> (signal 11) if started from <a
        href="http://www.FreeBSD.org/cgi/man.cgi?query=inetd&sektion=8&manpath=FreeBSD+4.7-stable">
        <span class="CITEREFENTRY"><span
        class="REFENTRYTITLE">inetd</span>(8)</span></a>, or may
        malfunction unpredictably if running stand-alone. This bug
        has been fixed in FreeBSD 4.8-RC.</p>
      </div>
    </div>
    <hr />

    <p align="center"><small>This file, and other release-related
    documents, can be downloaded from <a
    href="http://snapshots.jp.FreeBSD.org/">http://snapshots.jp.FreeBSD.org/</a>.</small></p>

    <p align="center"><small>For questions about FreeBSD, read the
    <a href="http://www.FreeBSD.org/docs.html">documentation</a>
    before contacting &#60;<a
    href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.</small></p>

    <p align="center"><small><small>All users of FreeBSD 4-STABLE
    should subscribe to the &#60;<a
    href="mailto:stable@FreeBSD.org">stable@FreeBSD.org</a>&#62;
    mailing list.</small></small></p>

    <p align="center">For questions about this documentation,
    e-mail &#60;<a
    href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</p>
    <br />
    <br />
++++


